IP

192.121.47.48

Network

192.121.46.0/23

Domain(s)

192.in-addr.arpa

Device

<enterprise field>: device.class <enterprise field>: device.productvendor

Operating System

SonicWall SonicOS

URL

http://192.121.47.48:4040/api/sonicos/tfa 404

HTTP Title

File not found!

Reverse DNS

48.47.121.192.in-addr.arpa

ASN

AS9009

Organization

M247 Europe SRL

Protocol

http

Source

sonicwall::mfa

Operating System

SonicWall SonicOS

HTTP Component(s)

SonicWall SonicWall

CPE(s)

<enterprise field>: cpe

Data MD5

5755cb1445e9589ecab966c61b395fa7

HTTP Header MD5

0e862c2c5c858aca5aaf86c297935dc8

HTTP Body MD5

326456eeee37a65622c86c2f63664d55

HTTP/1.0 404 Not Found
Server: SonicWALL
Expires: -1
Cache-Control: no-cache
Content-type: text/html;charset=UTF-8
X-Content-Type-Options: nosniff

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>File not found!</title><style type="text/css"><!--/*--><![CDATA[/*><!--*/ body { color: #000000; background-color: #FFFFFF; }

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:07:57.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "326456eeee37a65622c86c2f63664d55",
         "bodymmh3" : 67183679,
         "component" : [
            {
               "product" : "SonicWall",
               "productvendor" : "SonicWall"
            }
         ],
         "headermd5" : "0e862c2c5c858aca5aaf86c297935dc8",
         "headermmh3" : 762823540,
         "title" : "File not found!"
      },
      "length" : 468
   },
   "asn" : "AS9009",
   "city" : "Milan",
   "country" : "IT",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.0 404 Not Found\r\nServer: SonicWALL\r\nExpires: -1\r\nCache-Control: no-cache\r\nContent-type: text/html;charset=UTF-8\r\nX-Content-Type-Options: nosniff\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>File not found!</title><style type=\"text/css\"><!--/*--><![CDATA[/*><!--*/ body { color: #000000; background-color: #FFFFFF; }",
   "datamd5" : "5755cb1445e9589ecab966c61b395fa7",
   "datammh3" : 1575132516,
   "device" : {
      "class" : "<enterprise field>: device.class",
      "productvendor" : "<enterprise field>: device.productvendor"
   },
   "domain" : [
      "192.in-addr.arpa"
   ],
   "forward" : "192.121.47.48",
   "host" : [
      48
   ],
   "hostname" : [
      "192.121.47.48",
      "48.47.121.192.in-addr.arpa"
   ],
   "ip" : "192.121.47.48",
   "ipv6" : "false",
   "latitude" : "45.4722",
   "location" : "45.4722,9.1922",
   "longitude" : "9.1922",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "M247 Europe SRL",
   "os" : "SonicOS",
   "osvendor" : "SonicWall",
   "port" : 4040,
   "productvendor" : "SonicWall",
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Not Found",
   "reverse" : [
      "48.47.121.192.in-addr.arpa"
   ],
   "seen_date" : "2024-11-21",
   "source" : "sonicwall::mfa",
   "status" : 404,
   "subdomains" : [
      "121.192.in-addr.arpa",
      "47.121.192.in-addr.arpa"
   ],
   "subnet" : "192.121.46.0/23",
   "tld" : [
      "in-addr.arpa"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/api/sonicos/tfa"
}

IP

44.243.92.171

Network

44.224.0.0/11

Domain(s)

amazonaws.com

Device

<enterprise field>: device.class

URL

http://44.243.92.171:4040/./login.action 200

HTTP Title

Log In - Confluence

Reverse DNS

ec2-44-243-92-171.us-west-2.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http

Source

datascan::redirect::1

Product

F5 Nginx

HTTP Component(s)

Atlassian Confluence 7.4.17 8703 Atlassian Confluence Oracle Java

CPE(s)

<enterprise field>: cpe

Data MD5

eeb676ad7a1d557d703a025b4af49595

HTTP Header MD5

87f9efd78ead29c96aceb9265d6737b5

HTTP Body MD5

68d299cc91510df1cbd8e6c43b0be3cf

HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 21 Nov 2024 09:07:07 GMT
Server: nginx
X-Confluence-Request-Time: 1732180027
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=1joorg9qm3lw6wrpokiq4fqgobfzxapk; Path=/; Secure; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=63072000
Content-Length: 31645

<!DOCTYPE html>
<html lang="en-US" >
<head>
                    <title>Log In - Confluence</title>
    <meta http-equiv="X-UA-Compatible" content="IE=EDGE,chrome=IE7">
<meta charset="UTF-8">
<meta id="confluence-context-path" name="confluence-context-path" content="">
<meta id="confluence-base-url" name="confluence-base-url" content="https://www.example.com">
    <meta id="atlassian-token" name="atlassian-token" content="e68dfa45d0ec9701eac9e51568b6020923c96741">
<script type="text/javascript">
        var contextPath = '';
</script>
    <meta name="robots" content="noindex,nofollow">
    <meta name="robots" content="noarchive">
    <meta name="confluence-request-time" content="1655127501448">
            <meta name="ajs-use-keyboard-shortcuts" content="true">
            <meta name="ajs-discovered-plugin-features" content="$discoveredList">
            <meta name="ajs-keyboardshortcut-hash" content="fff979e4c9da5640ff51afde5a995be8">
            <meta id="team-calendars-has-jira-link" content="true">
            <meta name="ajs-team-calendars-display-time-format" content="displayTimeFormat12">
            <meta id="team-calendars-display-week-number" content="false">
            <meta id="team-calendars-user-timezone" content="-07:00">
            <script type="text/x-template" id="team-calendars-messages" title="team-calendars-messages"><fieldset class="i18n hidden"><input type="hidden" name="calendar3.month.long.july" value="July"><input type="hidden" name="calendar3.day.short.wednesday" value="Wed"><input type="hidden" name="calendar3.day.short.thursday" value="Thu"><input type="hidden" name="calendar3.month.short.march" value="Mar"><input type="hidden" name="calendar3.month.long.april" value="April"><input type="hidden" name="calendar3.month.long.october" value="October"><input type="hidden" name="calendar3.month.long.august" value="August"><input type="hidden" name="calendar3.month.short.july" value="Jul"><input type="hidden" name="calendar3.month.short.may" value="May"><input type="hidden" name="calendar3.month.short.november" value="Nov"><input type="hidden" name="calendar3.day.long.friday" value="Friday"><input type="hidden" name="calendar3.day.long.sunday" value="Sunday"><input type="hidden" name="calendar3.day.long.saturday" value="Saturday"><input type="hidden" name="calendar3.month.short.april" value="Apr"><input type="hidden" name="calendar3.day.long.wednesday" value="Wednesday"><input type="hidden" name="calendar3.month.long.december" value="December"><input type="hidden" name="calendar3.month.short.october" value="Oct"><input type="hidden" name="calendar3.day.long.monday" value="Monday"><input type="hidden" name="calendar3.month.short.june" value="Jun"><input type="hidden" name="calendar3.day.short.monday" value="Mon"><input type="hidden" name="calendar3.day.short.tuesday" value="Tue"><input type="hidden" name="calendar3.day.short.saturday" value="Sat"><input type="hidden" name="calendar3.month.long.march" value="March"><input type="hidden" name="calendar3.month.long.june" value="June"><input type="hidden" name="calendar3.month.short.february" value="Feb"><input type="hidden" name="calendar3.month.short.august" value="Aug"><input type="hidden" name="calendar3.month.short.december" value="Dec"><input type="hidden" name="calendar3.day.short.sunday" value="Sun"><input type="hidden" name="calendar3.month.long.february" value="February"><input type="hidden" name="calendar3.day.long.tuesday" value="Tuesday"><input type="hidden" name="calendar3.month.long.may" value="May"><input type="hidden" name="calendar3.month.long.september" value="September"><input type="hidden" name="calendar3.month.long.november" value="November"><input type="hidden" name="calendar3.month.short.january" value="Jan"><input type="hidden" name="calendar3.month.short.september" value="Sep"><input type="hidden" name="calendar3.day.long.thursday" value="Thursday"><input type="hidden" name="calendar3.month.long.january" value="January"><input type="hidden" name="calendar3.day.short.friday" value="Fri"></fieldset></script>
            <meta name="ajs-is-confluence-admin" content="false">
            <meta name="ajs-connection-timeout" content="10000">
            <meta name="ajs-context-path" content="">
            <meta name="ajs-base-url" content="https://www.example.com">
            <meta name="ajs-version-number" content="7.4.17">
            <meta name="ajs-build-number" content="8703">
            <meta name="ajs-remote-user" content="">
            <meta name="ajs-remote-user-key" content="">
            <meta name="ajs-remote-user-has-licensed-access" content="false">
            <meta name="ajs-remote-user-has-browse-users-permission" content="false">
            <meta name="ajs-current-user-fullname" content="">
            <meta name="ajs-current-user-avatar-url" content="">
            <meta name="ajs-current-user-avatar-uri-reference" content="/images/icons/profilepics/anonymous.svg">
            <meta name="ajs-static-resource-url-prefix" content="/s/biaqv0/8703/189cb2l/_">
            <meta name="ajs-global-settings-attachment-max-size" content="104857600">
            <meta name="ajs-global-settings-quick-search-enabled" content="true">
            <meta name="ajs-user-locale" content="en_US">
            <meta name="ajs-enabled-dark-features" content="site-wide.shared-drafts,clc.quick.create,confluence.view.edit.transition,cql.search.screen,confluence-inline-comments-resolved,frontend.editor.v4,http.session.registrar,nps.survey.inline.dialog,confluence.efi.onboarding.new.templates,frontend.editor.v4.compatibility,atlassian.cdn.static.assets,pdf-preview,previews.sharing,previews.versions,file-annotations,confluence.efi.onboarding.rich.space.content,collaborative-audit-log,confluence.reindex.improvements,previews.conversion-service,editor.ajax.save,read.only.mode,graphql,previews.trigger-all-file-types,attachment.extracted.text.extractor,lucene.caching.filter,confluence.table.resizable,notification.batch,previews.sharing.pushstate,confluence-inline-comments-rich-editor,tc.tacca.dacca,site-wide.synchrony.opt-in,file-annotations.likes,gatekeeper-ui-v2,v2.content.name.searcher,mobile.supported.version,pulp,confluence-inline-comments,confluence-inline-comments-dangling-comment,quick-reload-inline-comments-flags">
            <meta name="ajs-atl-token" content="e68dfa45d0ec9701eac9e51568b6020923c96741">
            <meta name="ajs-confluence-flavour" content="VANILLA">
            <meta name="ajs-user-date-pattern" content="dd MMM yyyy">
            <meta name="ajs-access-mode" content="READ_WRITE">
            <meta name="ajs-render-mode" content="READ_WRITE">
            <meta name="ajs-date.format" content="MMM dd, yyyy">
    <link rel="shortcut icon" href="/s/biaqv0/8703/189cb2l/7/_/favicon.ico">
    <link rel="icon" type="image/x-icon" href="/s/biaqv0/8703/189cb2l/7/_/favicon.ico">
<link rel="search" type="application/opensearchdescription+xml" href="/opensearch/osd.action" title="Confluence"/>
    <script>
window.WRM=window.WRM||{};window.WRM._unparsedData=window.WRM._unparsedData||{};window.WRM._unparsedErrors=window.WRM._unparsedErrors||{};
WRM._unparsedData["com.atlassian.plugins.atlassian-plugins-webresource-plugin:context-path.context-path"]="\u0022\u0022";
WRM._unparsedData["com.atlassian.analytics.analytics-client:policy-update-init.policy-update-data-provider"]="false";
WRM._unparsedData["com.atlassian.analytics.analytics-client:programmatic-analytics-init.programmatic-analytics-data-provider"]="false";
WRM._unparsedData["com.atlassian.applinks.applinks-plugin:applinks-common-exported.applinks-help-paths"]="{\u0022entries\u0022:{\u0022applinks.docs.root\u0022:\u0022https://confluence.atlassian.com/display/APPLINKS-072/\u0022,\u0022applinks.docs.diagnostics.troubleshoot.sslunmatched\u0022:\u0022SSL+and+application+link+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.oauthsignatureinvalid\u0022:\u0022OAuth+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.oauthtimestamprefused\u0022:\u0022OAuth+troubleshooting+guide\u0022,\u0022applinks.docs.delete.entity.link\u0022:\u0022Create+links+between+projects\u0022,\u0022applinks.docs.adding.application.link\u0022:\u0022Link+Atlassian+applications+to+work+together\u0022,\u0022applinks.docs.administration.guide\u0022:\u0022Application+Links+Documentation\u0022,\u0022applinks.docs.oauth.security\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.troubleshoot.application.links\u0022:\u0022Troubleshoot+application+links\u0022,\u0022applinks.docs.diagnostics.troubleshoot.unknownerror\u0022:\u0022Network+and+connectivity+troubleshooting+guide\u0022,\u0022applinks.docs.configuring.auth.trusted.apps\u0022:\u0022Configuring+Trusted+Applications+authentication+for+an+application+link\u0022,\u0022applinks.docs.diagnostics.troubleshoot.authlevelunsupported\u0022:\u0022OAuth+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.ssluntrusted\u0022:\u0022SSL+and+application+link+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.unknownhost\u0022:\u0022Network+and+connectivity+troubleshooting+guide\u0022,\u0022applinks.docs.delete.application.link\u0022:\u0022Link+Atlassian+applications+to+work+together\u0022,\u0022applinks.docs.adding.project.link\u0022:\u0022Configuring+Project+links+across+Applications\u0022,\u0022applinks.docs.link.applications\u0022:\u0022Link+Atlassian+applications+to+work+together\u0022,\u0022applinks.docs.diagnostics.troubleshoot.oauthproblem\u0022:\u0022OAuth+troubleshooting+guide\u0022,\u0022applinks.docs.diagnostics.troubleshoot.migration\u0022:\u0022Update+application+links+to+use+OAuth\u0022,\u0022applinks.docs.relocate.application.link\u0022:\u0022Link+Atlassian+applications+to+work+together\u0022,\u0022applinks.docs.administering.entity.links\u0022:\u0022Create+links+between+projects\u0022,\u0022applinks.docs.upgrade.application.link\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.diagnostics.troubleshoot.connectionrefused\u0022:\u0022Network+and+connectivity+troubleshooting+guide\u0022,\u0022applinks.docs.configuring.auth.oauth\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.insufficient.remote.permission\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.configuring.application.link.auth\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.diagnostics\u0022:\u0022Application+links+diagnostics\u0022,\u0022applinks.docs.configured.authentication.types\u0022:\u0022OAuth+security+for+application+links\u0022,\u0022applinks.docs.adding.entity.link\u0022:\u0022Create+links+between+projects\u0022,\u0022applinks.docs.diagnostics.troubleshoot.unexpectedresponse\u0022:\u0022Network+and+connectivity+troubleshooting+guide\u0022,\u0022applinks.docs.configuring.auth.basic\u0022:\u0022Configuring+Basic+HTTP+Authentication+for+an+Application+Link\u0022,\u0022applinks.docs.diagnostics.troubleshoot.authlevelmismatch\u0022:\u0022OAuth+troubleshooting+guide\u0022}}";
WRM._unparsedData["com.atlassian.applinks.applinks-plugin:applinks-common-exported.applinks-types"]="{\u0022crowd\u0022:\u0022Crowd\u0022,\u0022confluence\u0022:\u0022Confluence\u0022,\u0022fecru\u0022:\u0022FishEye / Crucible\u0022,\u0022stash\u0022:\u0022Stash\u0022,\u0022jira\u0022:\u0022Jira\u0022,\u0022refapp\u0022:\u0022Reference Application\u0022,\u0022bamboo\u0022:\u0022Bamboo\u0022,\u0022generic\u0022:\u0022Generic Application\u0022}";
WRM._unparsedData["com.atlassian.applinks.applinks-plugin:applinks-common-exported.entity-types"]="{\u0022singular\u0022:{\u0022refapp.charlie\u0022:\u0022Charlie\u0022,\u0022fecru.project\u0022:\u0022Crucible Project\u0022,\u0022fecru.repository\u0022:\u0022FishEye Repository\u0022,\u0022stash.project\u0022:\u0022Stash Project\u0022,\u0022generic.entity\u0022:\u0022Generic Project\u0022,\u0022confluence.space\u0022:\u0022Confluence Space\u0022,\u0022bamboo.project\u0022:\u0022Bamboo Project\u0022,\u0022jira.project\u0022:\u0022Jira Project\u0022},\u0022plural\u0022:{\u0022refapp.charlie\u0022:\u0022Charlies\u0022,\u0022fecru.project\u0022:\u0022Crucible Projects\u0022,\u0022fecru.repository\u0022:\u0022FishEye Repositories\u0022,\u0022stash.project\u0022:\u0022Stash Projects\u0022,\u0022generic.entity\u0022:\u0022Generic Projects\u0022,\u0022confluence.space\u0022:\u0022Confluence Spaces\u0022,\u0022bamboo.project\u0022:\u0022Bamboo Projects\u0022,\u0022jira.project\u0022:\u0022Jira Projects\u0022}}";
WRM._unparsedData["com.atlassian.applinks.applinks-plugin:applinks-common-exported.authentication-types"]="{\u0022com.atlassian.applinks.api.auth.types.BasicAuthenticationProvider\u0022:\u0022Basic Access\u0022,\u0022com.atlassian.applinks.api.auth.types.TrustedAppsAuthenticationProvider\u0022:\u0022Trusted Applications\u0022,\u0022com.atlassian.applinks.api.auth.types.CorsAuthenticationProvider\u0022:\u0022CORS\u0022,\u0022com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider\u0022:\u0022OAuth\u0022,\u0022com.atlassian.applinks.api.auth.types.TwoLeggedOAuthAuthenticationProvider\u0022:\u0022OAuth\u0022,\u0022com.atlassian.applinks.api.auth.types.TwoLeggedOAuthWithImpersonationAuthenticationProvider\u0022:\u0022OAuth\u0022}";
WRM._unparsedData["com.atlassian.confluence.plugins.synchrony-interop:synchrony-status-banner-loader.synchrony-status"]="false";
WRM._unparsedData["com.atlassian.confluence.plugins.confluence-feature-discovery-plugin:confluence-feature-discovery-plugin-resources.test-mode"]="false";
WRM._unparsedData["com.atlassian.confluence.plugins.confluence-license-banner:confluence-license-banner-resources.license-details"]="{\u0022daysBeforeLicenseExpiry\u0022:0,\u0022daysBeforeMaintenanceExpiry\u0022:0,\u0022showLicenseExpiryBanner\u0022:false,\u0022showMaintenanceExpiryBanner\u0022:false,\u0022renewUrl\u0022:null,\u0022salesUrl\u0022:null}";
WRM._unparsedData["com.atlassian.confluence.plugins.confluence-search-ui-plugin:confluence-search-ui-plugin-resources.i18n-data"]="{\u0022search.ui.recent.link.text\u0022:\u0022View more recently visited\u0022,\u0022search.ui.filter.space.category.input.label\u0022:\u0022Find space categories...\u0022,\u0022search.ui.search.results.empty\u0022:\u0022We couldn\u005Cu0027\u005Cu0027t find anything matching \u005C\u0022{0}\u005C\u0022.\u0022,\u0022search.ui.filter.clear.selected\u0022:\u0022Clear selected items\u0022,\u0022search.ui.content.name.search.items.panel.load.all.top.items.button.text\u0022:\u0022Show more app results...\u0022,\u0022search.ui.filter.space.archive.label\u0022:\u0022Search archived spaces\u0022,\u0022search.ui.filter.label\u0022:\u0022filter\u0022,\u0022search.ui.filter.contributor.button.text\u0022:\u0022Contributor\u0022,\u0022search.ui.filter.date.all.text\u0022:\u0022Any time\u0022,\u0022search.ui.filter.space.current.label\u0022:\u0022CURRENT\u0022,\u0022search.ui.clear.input.button.text\u0022:\u0022Clear text\u0022,\u0022search.ui.search.results.clear.button\u0022:\u0022clear your filters.\u0022,\u0022search.ui.filter.date.hour.text\u0022:\u0022The past day\u0022,\u0022help.search.ui.link.title\u0022:\u0022Search tips\u0022,\u0022search.ui.filters.heading\u0022:\u0022Filter by\u0022,\u0022search.ui.filter.label.input.label\u0022:\u0022Find labels...\u0022,\u0022search.ui.recent.items.anonymous\u0022:\u0022Start exploring. Your search results will appear here.\u0022,\u0022search.ui.filter.date.month.text\u0022:\u0022The past month\u0022,\u0022search.ui.input.label\u0022:\u0022Search\u0022,\u0022search.ui.search.result\u0022:\u0022{0,choice,1#{0} search result|1\u005Cu003c{0} search results}\u0022,\u0022search.ui.infinite.scroll.button.text\u0022:\u0022More results\u0022,\u0022search.ui.filte

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:07:07.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "example.com",
            "atlassian.com"
         ],
         "hostname" : [
            "confluence.atlassian.com",
            "www.example.com"
         ],
         "url" : [
            "https://confluence.atlassian.com/display/APPLINKS-072/",
            "https://www.example.com"
         ]
      },
      "favicon" : {
         "url" : "/s/biaqv0/8703/189cb2l/7/_/favicon.ico"
      },
      "http" : {
         "bodymd5" : "68d299cc91510df1cbd8e6c43b0be3cf",
         "bodymmh3" : 1695896660,
         "component" : [
            {
               "productvendor" : "Oracle",
               "product" : "Java"
            },
            {
               "product" : "Confluence",
               "productvendor" : "Atlassian",
               "productversion" : "7.4.17",
               "productversionpatch" : "8703"
            },
            {
               "product" : "Confluence",
               "productvendor" : "Atlassian"
            }
         ],
         "headermd5" : "87f9efd78ead29c96aceb9265d6737b5",
         "headermmh3" : -1136017354,
         "title" : "Log In - Confluence"
      },
      "length" : 16384
   },
   "asn" : "AS16509",
   "city" : "Boardman",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: keep-alive\r\nDate: Thu, 21 Nov 2024 09:07:07 GMT\r\nServer: nginx\r\nX-Confluence-Request-Time: 1732180027\r\nContent-Type: text/html;charset=UTF-8\r\nCache-Control: no-cache, must-revalidate\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=1joorg9qm3lw6wrpokiq4fqgobfzxapk; Path=/; Secure; HttpOnly\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Security-Policy: frame-ancestors 'self'\r\nStrict-Transport-Security: max-age=63072000\r\nContent-Length: 31645\r\n\r\n<!DOCTYPE html>\n<html lang=\"en-US\" >\n<head>\n                    <title>Log In - Confluence</title>\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=EDGE,chrome=IE7\">\n<meta charset=\"UTF-8\">\n<meta id=\"confluence-context-path\" name=\"confluence-context-path\" content=\"\">\n<meta id=\"confluence-base-url\" name=\"confluence-base-url\" content=\"https://www.example.com\">\n    <meta id=\"atlassian-token\" name=\"atlassian-token\" content=\"e68dfa45d0ec9701eac9e51568b6020923c96741\">\n<script type=\"text/javascript\">\n        var contextPath = '';\n</script>\n    <meta name=\"robots\" content=\"noindex,nofollow\">\n    <meta name=\"robots\" content=\"noarchive\">\n    <meta name=\"confluence-request-time\" content=\"1655127501448\">\n            <meta name=\"ajs-use-keyboard-shortcuts\" content=\"true\">\n            <meta name=\"ajs-discovered-plugin-features\" content=\"$discoveredList\">\n            <meta name=\"ajs-keyboardshortcut-hash\" content=\"fff979e4c9da5640ff51afde5a995be8\">\n            <meta id=\"team-calendars-has-jira-link\" content=\"true\">\n            <meta name=\"ajs-team-calendars-display-time-format\" content=\"displayTimeFormat12\">\n            <meta id=\"team-calendars-display-week-number\" content=\"false\">\n            <meta id=\"team-calendars-user-timezone\" content=\"-07:00\">\n            <script type=\"text/x-template\" id=\"team-calendars-messages\" title=\"team-calendars-messages\"><fieldset class=\"i18n hidden\"><input type=\"hidden\" name=\"calendar3.month.long.july\" value=\"July\"><input type=\"hidden\" name=\"calendar3.day.short.wednesday\" value=\"Wed\"><input type=\"hidden\" name=\"calendar3.day.short.thursday\" value=\"Thu\"><input type=\"hidden\" name=\"calendar3.month.short.march\" value=\"Mar\"><input type=\"hidden\" name=\"calendar3.month.long.april\" value=\"April\"><input type=\"hidden\" name=\"calendar3.month.long.october\" value=\"October\"><input type=\"hidden\" name=\"calendar3.month.long.august\" value=\"August\"><input type=\"hidden\" name=\"calendar3.month.short.july\" value=\"Jul\"><input type=\"hidden\" name=\"calendar3.month.short.may\" value=\"May\"><input type=\"hidden\" name=\"calendar3.month.short.november\" value=\"Nov\"><input type=\"hidden\" name=\"calendar3.day.long.friday\" value=\"Friday\"><input type=\"hidden\" name=\"calendar3.day.long.sunday\" value=\"Sunday\"><input type=\"hidden\" name=\"calendar3.day.long.saturday\" value=\"Saturday\"><input type=\"hidden\" name=\"calendar3.month.short.april\" value=\"Apr\"><input type=\"hidden\" name=\"calendar3.day.long.wednesday\" value=\"Wednesday\"><input type=\"hidden\" name=\"calendar3.month.long.december\" value=\"December\"><input type=\"hidden\" name=\"calendar3.month.short.october\" value=\"Oct\"><input type=\"hidden\" name=\"calendar3.day.long.monday\" value=\"Monday\"><input type=\"hidden\" name=\"calendar3.month.short.june\" value=\"Jun\"><input type=\"hidden\" name=\"calendar3.day.short.monday\" value=\"Mon\"><input type=\"hidden\" name=\"calendar3.day.short.tuesday\" value=\"Tue\"><input type=\"hidden\" name=\"calendar3.day.short.saturday\" value=\"Sat\"><input type=\"hidden\" name=\"calendar3.month.long.march\" value=\"March\"><input type=\"hidden\" name=\"calendar3.month.long.june\" value=\"June\"><input type=\"hidden\" name=\"calendar3.month.short.february\" value=\"Feb\"><input type=\"hidden\" name=\"calendar3.month.short.august\" value=\"Aug\"><input type=\"hidden\" name=\"calendar3.month.short.december\" value=\"Dec\"><input type=\"hidden\" name=\"calendar3.day.short.sunday\" value=\"Sun\"><input type=\"hidden\" name=\"calendar3.month.long.february\" value=\"February\"><input type=\"hidden\" name=\"calendar3.day.long.tuesday\" value=\"Tuesday\"><input type=\"hidden\" name=\"calendar3.month.long.may\" value=\"May\"><input type=\"hidden\" name=\"calendar3.month.long.september\" value=\"September\"><input type=\"hidden\" name=\"calendar3.month.long.november\" value=\"November\"><input type=\"hidden\" name=\"calendar3.month.short.january\" value=\"Jan\"><input type=\"hidden\" name=\"calendar3.month.short.september\" value=\"Sep\"><input type=\"hidden\" name=\"calendar3.day.long.thursday\" value=\"Thursday\"><input type=\"hidden\" name=\"calendar3.month.long.january\" value=\"January\"><input type=\"hidden\" name=\"calendar3.day.short.friday\" value=\"Fri\"></fieldset></script>\n            <meta name=\"ajs-is-confluence-admin\" content=\"false\">\n            <meta name=\"ajs-connection-timeout\" content=\"10000\">\n            <meta name=\"ajs-context-path\" content=\"\">\n            <meta name=\"ajs-base-url\" content=\"https://www.example.com\">\n            <meta name=\"ajs-version-number\" content=\"7.4.17\">\n            <meta name=\"ajs-build-number\" content=\"8703\">\n            <meta name=\"ajs-remote-user\" content=\"\">\n            <meta name=\"ajs-remote-user-key\" content=\"\">\n            <meta name=\"ajs-remote-user-has-licensed-access\" content=\"false\">\n            <meta name=\"ajs-remote-user-has-browse-users-permission\" content=\"false\">\n            <meta name=\"ajs-current-user-fullname\" content=\"\">\n            <meta name=\"ajs-current-user-avatar-url\" content=\"\">\n            <meta name=\"ajs-current-user-avatar-uri-reference\" content=\"/images/icons/profilepics/anonymous.svg\">\n            <meta name=\"ajs-static-resource-url-prefix\" content=\"/s/biaqv0/8703/189cb2l/_\">\n            <meta name=\"ajs-global-settings-attachment-max-size\" content=\"104857600\">\n            <meta name=\"ajs-global-settings-quick-search-enabled\" content=\"true\">\n            <meta name=\"ajs-user-locale\" content=\"en_US\">\n            <meta name=\"ajs-enabled-dark-features\" content=\"site-wide.shared-drafts,clc.quick.create,confluence.view.edit.transition,cql.search.screen,confluence-inline-comments-resolved,frontend.editor.v4,http.session.registrar,nps.survey.inline.dialog,confluence.efi.onboarding.new.templates,frontend.editor.v4.compatibility,atlassian.cdn.static.assets,pdf-preview,previews.sharing,previews.versions,file-annotations,confluence.efi.onboarding.rich.space.content,collaborative-audit-log,confluence.reindex.improvements,previews.conversion-service,editor.ajax.save,read.only.mode,graphql,previews.trigger-all-file-types,attachment.extracted.text.extractor,lucene.caching.filter,confluence.table.resizable,notification.batch,previews.sharing.pushstate,confluence-inline-comments-rich-editor,tc.tacca.dacca,site-wide.synchrony.opt-in,file-annotations.likes,gatekeeper-ui-v2,v2.content.name.searcher,mobile.supported.version,pulp,confluence-inline-comments,confluence-inline-comments-dangling-comment,quick-reload-inline-comments-flags\">\n            <meta name=\"ajs-atl-token\" content=\"e68dfa45d0ec9701eac9e51568b6020923c96741\">\n            <meta name=\"ajs-confluence-flavour\" content=\"VANILLA\">\n            <meta name=\"ajs-user-date-pattern\" content=\"dd MMM yyyy\">\n            <meta name=\"ajs-access-mode\" content=\"READ_WRITE\">\n            <meta name=\"ajs-render-mode\" content=\"READ_WRITE\">\n            <meta name=\"ajs-date.format\" content=\"MMM dd, yyyy\">\n    <link rel=\"shortcut icon\" href=\"/s/biaqv0/8703/189cb2l/7/_/favicon.ico\">\n    <link rel=\"icon\" type=\"image/x-icon\" href=\"/s/biaqv0/8703/189cb2l/7/_/favicon.ico\">\n<link rel=\"search\" type=\"application/opensearchdescription+xml\" href=\"/opensearch/osd.action\" title=\"Confluence\"/>\n    <script>\nwindow.WRM=window.WRM||{};window.WRM._unparsedData=window.WRM._unparsedData||{};window.WRM._unparsedErrors=window.WRM._unparsedErrors||{};\nWRM._unparsedData[\"com.atlassian.plugins.atlassian-plugins-webresource-plugin:context-path.context-path\"]=\"\\u0022\\u0022\";\nWRM._unparsedData[\"com.atlassian.analytics.analytics-client:policy-update-init.policy-update-data-provider\"]=\"false\";\nWRM._unparsedData[\"com.atlassian.analytics.analytics-client:programmatic-analytics-init.programmatic-analytics-data-provider\"]=\"false\";\nWRM._unparsedData[\"com.atlassian.applinks.applinks-plugin:applinks-common-exported.applinks-help-paths\"]=\"{\\u0022entries\\u0022:{\\u0022applinks.docs.root\\u0022:\\u0022https://confluence.atlassian.com/display/APPLINKS-072/\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.sslunmatched\\u0022:\\u0022SSL+and+application+link+troubleshooting+guide\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.oauthsignatureinvalid\\u0022:\\u0022OAuth+troubleshooting+guide\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.oauthtimestamprefused\\u0022:\\u0022OAuth+troubleshooting+guide\\u0022,\\u0022applinks.docs.delete.entity.link\\u0022:\\u0022Create+links+between+projects\\u0022,\\u0022applinks.docs.adding.application.link\\u0022:\\u0022Link+Atlassian+applications+to+work+together\\u0022,\\u0022applinks.docs.administration.guide\\u0022:\\u0022Application+Links+Documentation\\u0022,\\u0022applinks.docs.oauth.security\\u0022:\\u0022OAuth+security+for+application+links\\u0022,\\u0022applinks.docs.troubleshoot.application.links\\u0022:\\u0022Troubleshoot+application+links\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.unknownerror\\u0022:\\u0022Network+and+connectivity+troubleshooting+guide\\u0022,\\u0022applinks.docs.configuring.auth.trusted.apps\\u0022:\\u0022Configuring+Trusted+Applications+authentication+for+an+application+link\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.authlevelunsupported\\u0022:\\u0022OAuth+troubleshooting+guide\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.ssluntrusted\\u0022:\\u0022SSL+and+application+link+troubleshooting+guide\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.unknownhost\\u0022:\\u0022Network+and+connectivity+troubleshooting+guide\\u0022,\\u0022applinks.docs.delete.application.link\\u0022:\\u0022Link+Atlassian+applications+to+work+together\\u0022,\\u0022applinks.docs.adding.project.link\\u0022:\\u0022Configuring+Project+links+across+Applications\\u0022,\\u0022applinks.docs.link.applications\\u0022:\\u0022Link+Atlassian+applications+to+work+together\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.oauthproblem\\u0022:\\u0022OAuth+troubleshooting+guide\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.migration\\u0022:\\u0022Update+application+links+to+use+OAuth\\u0022,\\u0022applinks.docs.relocate.application.link\\u0022:\\u0022Link+Atlassian+applications+to+work+together\\u0022,\\u0022applinks.docs.administering.entity.links\\u0022:\\u0022Create+links+between+projects\\u0022,\\u0022applinks.docs.upgrade.application.link\\u0022:\\u0022OAuth+security+for+application+links\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.connectionrefused\\u0022:\\u0022Network+and+connectivity+troubleshooting+guide\\u0022,\\u0022applinks.docs.configuring.auth.oauth\\u0022:\\u0022OAuth+security+for+application+links\\u0022,\\u0022applinks.docs.insufficient.remote.permission\\u0022:\\u0022OAuth+security+for+application+links\\u0022,\\u0022applinks.docs.configuring.application.link.auth\\u0022:\\u0022OAuth+security+for+application+links\\u0022,\\u0022applinks.docs.diagnostics\\u0022:\\u0022Application+links+diagnostics\\u0022,\\u0022applinks.docs.configured.authentication.types\\u0022:\\u0022OAuth+security+for+application+links\\u0022,\\u0022applinks.docs.adding.entity.link\\u0022:\\u0022Create+links+between+projects\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.unexpectedresponse\\u0022:\\u0022Network+and+connectivity+troubleshooting+guide\\u0022,\\u0022applinks.docs.configuring.auth.basic\\u0022:\\u0022Configuring+Basic+HTTP+Authentication+for+an+Application+Link\\u0022,\\u0022applinks.docs.diagnostics.troubleshoot.authlevelmismatch\\u0022:\\u0022OAuth+troubleshooting+guide\\u0022}}\";\nWRM._unparsedData[\"com.atlassian.applinks.applinks-plugin:applinks-common-exported.applinks-types\"]=\"{\\u0022crowd\\u0022:\\u0022Crowd\\u0022,\\u0022confluence\\u0022:\\u0022Confluence\\u0022,\\u0022fecru\\u0022:\\u0022FishEye / Crucible\\u0022,\\u0022stash\\u0022:\\u0022Stash\\u0022,\\u0022jira\\u0022:\\u0022Jira\\u0022,\\u0022refapp\\u0022:\\u0022Reference Application\\u0022,\\u0022bamboo\\u0022:\\u0022Bamboo\\u0022,\\u0022generic\\u0022:\\u0022Generic Application\\u0022}\";\nWRM._unparsedData[\"com.atlassian.applinks.applinks-plugin:applinks-common-exported.entity-types\"]=\"{\\u0022singular\\u0022:{\\u0022refapp.charlie\\u0022:\\u0022Charlie\\u0022,\\u0022fecru.project\\u0022:\\u0022Crucible Project\\u0022,\\u0022fecru.repository\\u0022:\\u0022FishEye Repository\\u0022,\\u0022stash.project\\u0022:\\u0022Stash Project\\u0022,\\u0022generic.entity\\u0022:\\u0022Generic Project\\u0022,\\u0022confluence.space\\u0022:\\u0022Confluence Space\\u0022,\\u0022bamboo.project\\u0022:\\u0022Bamboo Project\\u0022,\\u0022jira.project\\u0022:\\u0022Jira Project\\u0022},\\u0022plural\\u0022:{\\u0022refapp.charlie\\u0022:\\u0022Charlies\\u0022,\\u0022fecru.project\\u0022:\\u0022Crucible Projects\\u0022,\\u0022fecru.repository\\u0022:\\u0022FishEye Repositories\\u0022,\\u0022stash.project\\u0022:\\u0022Stash Projects\\u0022,\\u0022generic.entity\\u0022:\\u0022Generic Projects\\u0022,\\u0022confluence.space\\u0022:\\u0022Confluence Spaces\\u0022,\\u0022bamboo.project\\u0022:\\u0022Bamboo Projects\\u0022,\\u0022jira.project\\u0022:\\u0022Jira Projects\\u0022}}\";\nWRM._unparsedData[\"com.atlassian.applinks.applinks-plugin:applinks-common-exported.authentication-types\"]=\"{\\u0022com.atlassian.applinks.api.auth.types.BasicAuthenticationProvider\\u0022:\\u0022Basic Access\\u0022,\\u0022com.atlassian.applinks.api.auth.types.TrustedAppsAuthenticationProvider\\u0022:\\u0022Trusted Applications\\u0022,\\u0022com.atlassian.applinks.api.auth.types.CorsAuthenticationProvider\\u0022:\\u0022CORS\\u0022,\\u0022com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider\\u0022:\\u0022OAuth\\u0022,\\u0022com.atlassian.applinks.api.auth.types.TwoLeggedOAuthAuthenticationProvider\\u0022:\\u0022OAuth\\u0022,\\u0022com.atlassian.applinks.api.auth.types.TwoLeggedOAuthWithImpersonationAuthenticationProvider\\u0022:\\u0022OAuth\\u0022}\";\nWRM._unparsedData[\"com.atlassian.confluence.plugins.synchrony-interop:synchrony-status-banner-loader.synchrony-status\"]=\"false\";\nWRM._unparsedData[\"com.atlassian.confluence.plugins.confluence-feature-discovery-plugin:confluence-feature-discovery-plugin-resources.test-mode\"]=\"false\";\nWRM._unparsedData[\"com.atlassian.confluence.plugins.confluence-license-banner:confluence-license-banner-resources.license-details\"]=\"{\\u0022daysBeforeLicenseExpiry\\u0022:0,\\u0022daysBeforeMaintenanceExpiry\\u0022:0,\\u0022showLicenseExpiryBanner\\u0022:false,\\u0022showMaintenanceExpiryBanner\\u0022:false,\\u0022renewUrl\\u0022:null,\\u0022salesUrl\\u0022:null}\";\nWRM._unparsedData[\"com.atlassian.confluence.plugins.confluence-search-ui-plugin:confluence-search-ui-plugin-resources.i18n-data\"]=\"{\\u0022search.ui.recent.link.text\\u0022:\\u0022View more recently visited\\u0022,\\u0022search.ui.filter.space.category.input.label\\u0022:\\u0022Find space categories...\\u0022,\\u0022search.ui.search.results.empty\\u0022:\\u0022We couldn\\u005Cu0027\\u005Cu0027t find anything matching \\u005C\\u0022{0}\\u005C\\u0022.\\u0022,\\u0022search.ui.filter.clear.selected\\u0022:\\u0022Clear selected items\\u0022,\\u0022search.ui.content.name.search.items.panel.load.all.top.items.button.text\\u0022:\\u0022Show more app results...\\u0022,\\u0022search.ui.filter.space.archive.label\\u0022:\\u0022Search archived spaces\\u0022,\\u0022search.ui.filter.label\\u0022:\\u0022filter\\u0022,\\u0022search.ui.filter.contributor.button.text\\u0022:\\u0022Contributor\\u0022,\\u0022search.ui.filter.date.all.text\\u0022:\\u0022Any time\\u0022,\\u0022search.ui.filter.space.current.label\\u0022:\\u0022CURRENT\\u0022,\\u0022search.ui.clear.input.button.text\\u0022:\\u0022Clear text\\u0022,\\u0022search.ui.search.results.clear.button\\u0022:\\u0022clear your filters.\\u0022,\\u0022search.ui.filter.date.hour.text\\u0022:\\u0022The past day\\u0022,\\u0022help.search.ui.link.title\\u0022:\\u0022Search tips\\u0022,\\u0022search.ui.filters.heading\\u0022:\\u0022Filter by\\u0022,\\u0022search.ui.filter.label.input.label\\u0022:\\u0022Find labels...\\u0022,\\u0022search.ui.recent.items.anonymous\\u0022:\\u0022Start exploring. Your search results will appear here.\\u0022,\\u0022search.ui.filter.date.month.text\\u0022:\\u0022The past month\\u0022,\\u0022search.ui.input.label\\u0022:\\u0022Search\\u0022,\\u0022search.ui.search.result\\u0022:\\u0022{0,choice,1#{0} search result|1\\u005Cu003c{0} search results}\\u0022,\\u0022search.ui.infinite.scroll.button.text\\u0022:\\u0022More results\\u0022,\\u0022search.ui.filte",
   "datamd5" : "eeb676ad7a1d557d703a025b4af49595",
   "datammh3" : 1972293814,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "forward" : "44.243.92.171",
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "amazon.com",
         "amazonaws.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AMAZO-ZPDX",
      "organization" : "Amazon.com, Inc.",
      "subnet" : "44.224.0.0/11"
   },
   "host" : [
      "ec2-44-243-92-171"
   ],
   "hostname" : [
      "44.243.92.171",
      "ec2-44-243-92-171.us-west-2.compute.amazonaws.com"
   ],
   "ip" : "44.243.92.171",
   "ipv6" : "false",
   "latitude" : "45.8491",
   "location" : "45.8491,-119.7143",
   "longitude" : "-119.7143",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "port" : 4040,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "ec2-44-243-92-171.us-west-2.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::1",
   "status" : 200,
   "subdomains" : [
      "us-west-2.compute.amazonaws.com",
      "compute.amazonaws.com"
   ],
   "subnet" : "44.224.0.0/11",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/./login.action"
}

IP

213.230.120.81

Network

213.230.64.0/18

Domain(s)

decor.uz

Device

<enterprise field>: device.class

URL

http://213.230.120.81:4040/ 301

HTTP Title

Resource can be reach on other place

Reverse DNS

mail.decor.uz

ASN

AS8193

Organization

Uzbektelekom Joint Stock Company

Protocol

http

Source

datascan::redirect::5

Product

Kerio Control 9.2.1

CPE(s)

<enterprise field>: cpe

Data MD5

0232faaddec90be99f2fe01dab42f6d2

HTTP Header MD5

ff4085137ee6c761487f544b24929599

HTTP Body MD5

64e2afd99c566ab074f0e30f627126b9

HTTP/1.1 301 Moved permanently
Connection: Close
Content-Length: 314
Content-Type: text/html
Date: Thu, 21 Nov 2024 09:05:57 GMT
Location: https://<ip>:4040/
Server: Kerio Connect 9.2.1
X-UA-Compatible: IE=edge

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Resource can be reach on other place</title>
</head>
<body>
<p>Use following link to obtain <a href="https://<ip>:4040/">requested resource</a></p>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:06:04.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "64e2afd99c566ab074f0e30f627126b9",
         "bodymmh3" : -1892820458,
         "headermd5" : "ff4085137ee6c761487f544b24929599",
         "headermmh3" : -702135685,
         "title" : "Resource can be reach on other place"
      },
      "length" : 525
   },
   "asn" : "AS8193",
   "city" : "Tashkent",
   "country" : "UZ",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved permanently\r\nConnection: Close\r\nContent-Length: 314\r\nContent-Type: text/html\r\nDate: Thu, 21 Nov 2024 09:05:57 GMT\r\nLocation: https://<ip>:4040/\r\nServer: Kerio Connect 9.2.1\r\nX-UA-Compatible: IE=edge\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>Resource can be reach on other place</title>\n</head>\n<body>\n<p>Use following link to obtain <a href=\"https://<ip>:4040/\">requested resource</a></p>\n</body>\n</html>\n",
   "datamd5" : "0232faaddec90be99f2fe01dab42f6d2",
   "datammh3" : 1005024340,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "decor.uz"
   ],
   "forward" : "213.230.120.81",
   "host" : [
      "mail"
   ],
   "hostname" : [
      "213.230.120.81",
      "mail.decor.uz"
   ],
   "ip" : "213.230.120.81",
   "ipv6" : "false",
   "latitude" : "41.2615",
   "location" : "41.2615,69.2177",
   "longitude" : "69.2177",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Uzbektelekom Joint Stock Company",
   "port" : 4040,
   "product" : "Control",
   "productvendor" : "Kerio",
   "productversion" : "9.2.1",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved permanently",
   "reverse" : [
      "mail.decor.uz"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::5",
   "status" : 301,
   "subnet" : "213.230.64.0/18",
   "tld" : [
      "uz"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

78.109.200.241

Network

78.109.192.0/20

Domain(s)

mopon-newsletter.ir

Device

<enterprise field>: device.class

URL

http://78.109.200.241:4040/ 301

HTTP Title

Resource can be reach on other place

Reverse DNS

mopon-newsletter.ir

ASN

AS25184

Organization

Afranet

Protocol

http

Source

datascan::redirect::2

Product

Kerio Control 9.2.0

CPE(s)

<enterprise field>: cpe

Data MD5

5069f3eab9683a1176f98d82268d10fb

HTTP Header MD5

ba2da2e8e06b2dc7f38c4a60e5b72b8d

HTTP Body MD5

64e2afd99c566ab074f0e30f627126b9

HTTP/1.1 301 Moved permanently
Connection: Close
Content-Length: 314
Content-Type: text/html
Date: Thu, 21 Nov 2024 09:09:47 GMT
Location: https://<ip>:4040/
Server: Kerio Connect 9.2.0
X-UA-Compatible: IE=edge

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Resource can be reach on other place</title>
</head>
<body>
<p>Use following link to obtain <a href="https://<ip>:4040/">requested resource</a></p>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:05:08.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "64e2afd99c566ab074f0e30f627126b9",
         "bodymmh3" : -1892820458,
         "headermd5" : "ba2da2e8e06b2dc7f38c4a60e5b72b8d",
         "headermmh3" : 1092290132,
         "title" : "Resource can be reach on other place"
      },
      "length" : 525
   },
   "asn" : "AS25184",
   "country" : "IR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved permanently\r\nConnection: Close\r\nContent-Length: 314\r\nContent-Type: text/html\r\nDate: Thu, 21 Nov 2024 09:09:47 GMT\r\nLocation: https://<ip>:4040/\r\nServer: Kerio Connect 9.2.0\r\nX-UA-Compatible: IE=edge\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>Resource can be reach on other place</title>\n</head>\n<body>\n<p>Use following link to obtain <a href=\"https://<ip>:4040/\">requested resource</a></p>\n</body>\n</html>\n",
   "datamd5" : "5069f3eab9683a1176f98d82268d10fb",
   "datammh3" : 1835168153,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "mopon-newsletter.ir"
   ],
   "forward" : "78.109.200.241",
   "geolocus" : {
      "asn" : "AS25184",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "IR",
      "countryname" : "Iran",
      "domain" : [
         "afranet.com"
      ],
      "isineu" : "false",
      "latitude" : "32.427908",
      "location" : "32.427908,53.688046",
      "longitude" : "53.688046",
      "netname" : "IR-AFRANET-20070717",
      "organization" : "Afranet",
      "subnet" : "78.109.192.0/20"
   },
   "hostname" : [
      "78.109.200.241",
      "mopon-newsletter.ir"
   ],
   "ip" : "78.109.200.241",
   "ipv6" : "false",
   "latitude" : "35.6980",
   "location" : "35.6980,51.4115",
   "longitude" : "51.4115",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Afranet",
   "port" : 4040,
   "product" : "Control",
   "productvendor" : "Kerio",
   "productversion" : "9.2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved permanently",
   "reverse" : [
      "mopon-newsletter.ir"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::2",
   "status" : 301,
   "subnet" : "78.109.192.0/20",
   "tld" : [
      "ir"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

109.190.208.75

Network

109.190.0.0/16

Device

<enterprise field>: device.class

URL

http://109.190.208.75:4040/ 301

HTTP Title

Resource can be reach on other place

ASN

AS35540

Organization

OVH SAS

Protocol

http

Source

datascan::redirect::5

Data MD5

7c8a5dc3dc68b0b3c15341cf9221248b

HTTP Header MD5

069fee52bb0f53cb7365a1d7bb890f4d

HTTP Body MD5

64e2afd99c566ab074f0e30f627126b9

HTTP/1.1 301 Moved permanently
Connection: Close
Content-Length: 314
Content-Type: text/html
Date: Thu, 21 Nov 2024 09:05:53 GMT
Location: https://<ip>:4040/
X-UA-Compatible: IE=edge

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Resource can be reach on other place</title>
</head>
<body>
<p>Use following link to obtain <a href="https://<ip>:4040/">requested resource</a></p>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:05:07.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "64e2afd99c566ab074f0e30f627126b9",
         "bodymmh3" : -1892820458,
         "headermd5" : "069fee52bb0f53cb7365a1d7bb890f4d",
         "headermmh3" : 495896164,
         "title" : "Resource can be reach on other place"
      },
      "length" : 496
   },
   "asn" : "AS35540",
   "city" : "Issy-les-Moulineaux",
   "country" : "FR",
   "data" : "HTTP/1.1 301 Moved permanently\r\nConnection: Close\r\nContent-Length: 314\r\nContent-Type: text/html\r\nDate: Thu, 21 Nov 2024 09:05:53 GMT\r\nLocation: https://<ip>:4040/\r\nX-UA-Compatible: IE=edge\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>Resource can be reach on other place</title>\n</head>\n<body>\n<p>Use following link to obtain <a href=\"https://<ip>:4040/\">requested resource</a></p>\n</body>\n</html>\n",
   "datamd5" : "7c8a5dc3dc68b0b3c15341cf9221248b",
   "datammh3" : 680111204,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "109.190.208.75",
   "geolocus" : {
      "asn" : "AS35540",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "FR",
      "countryname" : "France",
      "domain" : [
         "ovh.fr",
         "ovh.net"
      ],
      "isineu" : "true",
      "latitude" : "46.227638",
      "location" : "46.227638,2.213749",
      "longitude" : "2.213749",
      "netname" : "OVH-DSL",
      "organization" : "OVH Telecom",
      "subnet" : "109.190.0.0/16"
   },
   "hostname" : [
      "109.190.208.75"
   ],
   "ip" : "109.190.208.75",
   "ipv6" : "false",
   "latitude" : "48.8232",
   "location" : "48.8232,2.2780",
   "longitude" : "2.2780",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "OVH SAS",
   "port" : 4040,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved permanently",
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::5",
   "status" : 301,
   "subnet" : "109.190.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

195.88.198.247

Network

195.88.198.0/23

Domain(s)

su408.ru

Device

<enterprise field>: device.class

URL

http://195.88.198.247:4040/ 301

HTTP Title

Resource can be reach on other place

Reverse DNS

mail.su408.ru

ASN

AS49156

Organization

Izhline Ltd.

Protocol

http

Source

datascan::redirect::5

Data MD5

7c8a5dc3dc68b0b3c15341cf9221248b

HTTP Header MD5

069fee52bb0f53cb7365a1d7bb890f4d

HTTP Body MD5

64e2afd99c566ab074f0e30f627126b9

HTTP/1.1 301 Moved permanently
Connection: Close
Content-Length: 314
Content-Type: text/html
Date: Thu, 21 Nov 2024 09:04:53 GMT
Location: https://<ip>:4040/
X-UA-Compatible: IE=edge

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Resource can be reach on other place</title>
</head>
<body>
<p>Use following link to obtain <a href="https://<ip>:4040/">requested resource</a></p>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:05:06.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "64e2afd99c566ab074f0e30f627126b9",
         "bodymmh3" : -1892820458,
         "headermd5" : "069fee52bb0f53cb7365a1d7bb890f4d",
         "headermmh3" : 38516704,
         "title" : "Resource can be reach on other place"
      },
      "length" : 496
   },
   "asn" : "AS49156",
   "country" : "RU",
   "data" : "HTTP/1.1 301 Moved permanently\r\nConnection: Close\r\nContent-Length: 314\r\nContent-Type: text/html\r\nDate: Thu, 21 Nov 2024 09:04:53 GMT\r\nLocation: https://<ip>:4040/\r\nX-UA-Compatible: IE=edge\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>Resource can be reach on other place</title>\n</head>\n<body>\n<p>Use following link to obtain <a href=\"https://<ip>:4040/\">requested resource</a></p>\n</body>\n</html>\n",
   "datamd5" : "7c8a5dc3dc68b0b3c15341cf9221248b",
   "datammh3" : 680111204,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "su408.ru"
   ],
   "forward" : "195.88.198.247",
   "host" : [
      "mail"
   ],
   "hostname" : [
      "195.88.198.247",
      "mail.su408.ru"
   ],
   "ip" : "195.88.198.247",
   "ipv6" : "false",
   "latitude" : "55.7386",
   "location" : "55.7386,37.6068",
   "longitude" : "37.6068",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Izhline Ltd.",
   "port" : 4040,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved permanently",
   "reverse" : [
      "mail.su408.ru"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::5",
   "status" : 301,
   "subnet" : "195.88.198.0/23",
   "tld" : [
      "ru"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

217.160.55.153

Network

217.160.0.0/16

Device

<enterprise field>: device.class

URL

http://217.160.55.153:4040/ 301

HTTP Title

Resource can be reach on other place

ASN

AS8560

Organization

IONOS SE

Protocol

http

Source

datascan::redirect::2

Product

Kerio Control 10.0.4

CPE(s)

<enterprise field>: cpe

Data MD5

edbd65b956938fa8314e1a9c62bfbd36

HTTP Header MD5

df9031ae399ab444f3f243007d869329

HTTP Body MD5

64e2afd99c566ab074f0e30f627126b9

HTTP/1.1 301 Moved permanently
Connection: Close
Content-Length: 314
Content-Type: text/html
Date: Thu, 21 Nov 2024 09:05:05 GMT
Location: https://<ip>:4040/
Server: Kerio Connect 10.0.4
X-UA-Compatible: IE=edge

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Resource can be reach on other place</title>
</head>
<body>
<p>Use following link to obtain <a href="https://<ip>:4040/">requested resource</a></p>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:05:05.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "64e2afd99c566ab074f0e30f627126b9",
         "bodymmh3" : -1892820458,
         "headermd5" : "df9031ae399ab444f3f243007d869329",
         "headermmh3" : 1684166819,
         "title" : "Resource can be reach on other place"
      },
      "length" : 526
   },
   "asn" : "AS8560",
   "country" : "DE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved permanently\r\nConnection: Close\r\nContent-Length: 314\r\nContent-Type: text/html\r\nDate: Thu, 21 Nov 2024 09:05:05 GMT\r\nLocation: https://<ip>:4040/\r\nServer: Kerio Connect 10.0.4\r\nX-UA-Compatible: IE=edge\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>Resource can be reach on other place</title>\n</head>\n<body>\n<p>Use following link to obtain <a href=\"https://<ip>:4040/\">requested resource</a></p>\n</body>\n</html>\n",
   "datamd5" : "edbd65b956938fa8314e1a9c62bfbd36",
   "datammh3" : -1593704217,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "217.160.55.153",
   "geolocus" : {
      "asn" : "AS8560",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "DE",
      "countryname" : "Germany",
      "domain" : [
         "ionos.com",
         "oneandone.net"
      ],
      "isineu" : "true",
      "latitude" : "51.165691",
      "location" : "51.165691,10.451526",
      "longitude" : "10.451526",
      "netname" : "IONOS-CUSTOMERS",
      "organization" : "IONOS-PA-3",
      "subnet" : "217.160.48.0/20"
   },
   "hostname" : [
      "217.160.55.153"
   ],
   "ip" : "217.160.55.153",
   "ipv6" : "false",
   "latitude" : "51.2993",
   "location" : "51.2993,9.4910",
   "longitude" : "9.4910",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "IONOS SE",
   "port" : 4040,
   "product" : "Control",
   "productvendor" : "Kerio",
   "productversion" : "10.0.4",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved permanently",
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::2",
   "status" : 301,
   "subnet" : "217.160.0.0/16",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

103.28.38.80

Network

103.28.36.0/22

Domain(s)

gpbpo.com

Device

<enterprise field>: device.class

URL

http://103.28.38.80:4040/ 301

HTTP Title

Resource can be reach on other place

Reverse DNS

mail.gpbpo.com

ASN

AS131353

Organization

NhanHoa Software company

Protocol

http

Source

datascan::redirect::3

Product

Kerio Control 9.2.1

CPE(s)

<enterprise field>: cpe

Data MD5

a18d9b5dbd22440f0a1cc26d8a294619

HTTP Header MD5

ff4085137ee6c761487f544b24929599

HTTP Body MD5

64e2afd99c566ab074f0e30f627126b9

HTTP/1.1 301 Moved permanently
Connection: Close
Content-Length: 312
Content-Type: text/html
Date: Thu, 21 Nov 2024 09:04:09 GMT
Location: https://<ip>:4040/
Server: Kerio Connect 9.2.1
X-UA-Compatible: IE=edge

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Resource can be reach on other place</title>
</head>
<body>
<p>Use following link to obtain <a href="https://<ip>:4040/">requested resource</a></p>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:04:09.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "64e2afd99c566ab074f0e30f627126b9",
         "bodymmh3" : -1892820458,
         "headermd5" : "ff4085137ee6c761487f544b24929599",
         "headermmh3" : -932515939,
         "title" : "Resource can be reach on other place"
      },
      "length" : 525
   },
   "asn" : "AS131353",
   "country" : "VN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved permanently\r\nConnection: Close\r\nContent-Length: 312\r\nContent-Type: text/html\r\nDate: Thu, 21 Nov 2024 09:04:09 GMT\r\nLocation: https://<ip>:4040/\r\nServer: Kerio Connect 9.2.1\r\nX-UA-Compatible: IE=edge\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>Resource can be reach on other place</title>\n</head>\n<body>\n<p>Use following link to obtain <a href=\"https://<ip>:4040/\">requested resource</a></p>\n</body>\n</html>\n",
   "datamd5" : "a18d9b5dbd22440f0a1cc26d8a294619",
   "datammh3" : 1959395727,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "gpbpo.com"
   ],
   "forward" : "103.28.38.80",
   "geolocus" : {
      "asn" : "AS131353",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "VN",
      "countryname" : "Vietnam",
      "domain" : [
         "nhanhoa.com",
         "nhanhoa.com.vn",
         "vnnic.vn"
      ],
      "isineu" : "false",
      "latitude" : "14.058324",
      "location" : "14.058324,108.277199",
      "longitude" : "108.277199",
      "netname" : "NHANHOA-VN",
      "organization" : "NHANHOA-VN",
      "subnet" : "103.28.36.0/22"
   },
   "host" : [
      "mail"
   ],
   "hostname" : [
      "103.28.38.80",
      "mail.gpbpo.com"
   ],
   "ip" : "103.28.38.80",
   "ipv6" : "false",
   "latitude" : "16.1667",
   "location" : "16.1667,107.8333",
   "longitude" : "107.8333",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "NhanHoa Software company",
   "port" : 4040,
   "product" : "Control",
   "productvendor" : "Kerio",
   "productversion" : "9.2.1",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved permanently",
   "reverse" : [
      "mail.gpbpo.com"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::3",
   "status" : 301,
   "subnet" : "103.28.36.0/22",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

52.64.17.66

Network

52.64.0.0/14

Domain(s)

amazonaws.com

Device

<enterprise field>: device.class

URL

http://52.64.17.66:4040/ 301

HTTP Title

Resource can be reach on other place

Reverse DNS

ec2-52-64-17-66.ap-southeast-2.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http

Source

datascan::redirect::3

Product

Kerio Control 8.3.1

CPE(s)

<enterprise field>: cpe

Data MD5

e7763a9b3177cda27376359994867f6c

HTTP Header MD5

ffb9e1b17a4c14ae2948e9848b35f63d

HTTP Body MD5

64e2afd99c566ab074f0e30f627126b9

HTTP/1.1 301 Moved permanently
Connection: Close
Content-Length: 311
Content-Type: text/html
Date: Thu, 21 Nov 2024 09:04:07 GMT
Location: https://<ip>:4040/
Server: Kerio Connect 8.3.1
X-UA-Compatible: IE=edge

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Resource can be reach on other place</title>
</head>
<body>
<p>Use following link to obtain <a href="https://<ip>:4040/">requested resource</a></p>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:04:05.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "64e2afd99c566ab074f0e30f627126b9",
         "bodymmh3" : -1892820458,
         "headermd5" : "ffb9e1b17a4c14ae2948e9848b35f63d",
         "headermmh3" : 562103370,
         "title" : "Resource can be reach on other place"
      },
      "length" : 525
   },
   "asn" : "AS16509",
   "city" : "Sydney",
   "country" : "AU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved permanently\r\nConnection: Close\r\nContent-Length: 311\r\nContent-Type: text/html\r\nDate: Thu, 21 Nov 2024 09:04:07 GMT\r\nLocation: https://<ip>:4040/\r\nServer: Kerio Connect 8.3.1\r\nX-UA-Compatible: IE=edge\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>Resource can be reach on other place</title>\n</head>\n<body>\n<p>Use following link to obtain <a href=\"https://<ip>:4040/\">requested resource</a></p>\n</body>\n</html>\n",
   "datamd5" : "e7763a9b3177cda27376359994867f6c",
   "datammh3" : 2090717691,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "forward" : "52.64.17.66",
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "amazon.com",
         "amazonaws.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AT-88-Z",
      "organization" : "Amazon Technologies Inc.",
      "subnet" : "52.64.0.0/15"
   },
   "host" : [
      "ec2-52-64-17-66"
   ],
   "hostname" : [
      "52.64.17.66",
      "ec2-52-64-17-66.ap-southeast-2.compute.amazonaws.com"
   ],
   "ip" : "52.64.17.66",
   "ipv6" : "false",
   "latitude" : "-33.8715",
   "location" : "-33.8715,151.2006",
   "longitude" : "151.2006",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "port" : 4040,
   "product" : "Control",
   "productvendor" : "Kerio",
   "productversion" : "8.3.1",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved permanently",
   "reverse" : [
      "ec2-52-64-17-66.ap-southeast-2.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-21",
   "source" : "datascan::redirect::3",
   "status" : 301,
   "subdomains" : [
      "ap-southeast-2.compute.amazonaws.com",
      "compute.amazonaws.com"
   ],
   "subnet" : "52.64.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

192.121.47.48

Network

192.121.46.0/23

Domain(s)

192.in-addr.arpa

Device

<enterprise field>: device.class <enterprise field>: device.productvendor

Operating System

SonicWall SonicOS

URL

http://192.121.47.48:4040/api/sonicos/tfa 404

HTTP Title

File not found!

Reverse DNS

48.47.121.192.in-addr.arpa

ASN

AS9009

Organization

M247 Europe SRL

Protocol

http

Source

sonicwall::mfa

Operating System

SonicWall SonicOS

HTTP Component(s)

SonicWall SonicWall

CPE(s)

<enterprise field>: cpe

Data MD5

5755cb1445e9589ecab966c61b395fa7

HTTP Header MD5

0e862c2c5c858aca5aaf86c297935dc8

HTTP Body MD5

326456eeee37a65622c86c2f63664d55

HTTP/1.0 404 Not Found
Server: SonicWALL
Expires: -1
Cache-Control: no-cache
Content-type: text/html;charset=UTF-8
X-Content-Type-Options: nosniff

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>File not found!</title><style type="text/css"><!--/*--><![CDATA[/*><!--*/ body { color: #000000; background-color: #FFFFFF; }

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T09:02:53.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "326456eeee37a65622c86c2f63664d55",
         "bodymmh3" : 67183679,
         "component" : [
            {
               "product" : "SonicWall",
               "productvendor" : "SonicWall"
            }
         ],
         "headermd5" : "0e862c2c5c858aca5aaf86c297935dc8",
         "headermmh3" : 762823540,
         "title" : "File not found!"
      },
      "length" : 468
   },
   "asn" : "AS9009",
   "city" : "Milan",
   "country" : "IT",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.0 404 Not Found\r\nServer: SonicWALL\r\nExpires: -1\r\nCache-Control: no-cache\r\nContent-type: text/html;charset=UTF-8\r\nX-Content-Type-Options: nosniff\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>File not found!</title><style type=\"text/css\"><!--/*--><![CDATA[/*><!--*/ body { color: #000000; background-color: #FFFFFF; }",
   "datamd5" : "5755cb1445e9589ecab966c61b395fa7",
   "datammh3" : 1575132516,
   "device" : {
      "class" : "<enterprise field>: device.class",
      "productvendor" : "<enterprise field>: device.productvendor"
   },
   "domain" : [
      "192.in-addr.arpa"
   ],
   "host" : [
      48
   ],
   "hostname" : [
      "48.47.121.192.in-addr.arpa"
   ],
   "ip" : "192.121.47.48",
   "ipv6" : "false",
   "latitude" : "45.4722",
   "location" : "45.4722,9.1922",
   "longitude" : "9.1922",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "M247 Europe SRL",
   "os" : "SonicOS",
   "osvendor" : "SonicWall",
   "port" : 4040,
   "productvendor" : "SonicWall",
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Not Found",
   "reverse" : [
      "48.47.121.192.in-addr.arpa"
   ],
   "seen_date" : "2024-11-21",
   "source" : "sonicwall::mfa",
   "status" : 404,
   "subdomains" : [
      "121.192.in-addr.arpa",
      "47.121.192.in-addr.arpa"
   ],
   "subnet" : "192.121.46.0/23",
   "tld" : [
      "in-addr.arpa"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/api/sonicos/tfa"
}